Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
447 Views 1 Reply Latest reply: Aug 26, 2013 7:03 AM by ronish RSS
monstromurk Newcomer 3 posts since
Aug 21, 2013
Currently Being Moderated

Aug 21, 2013 3:12 PM

Log On As A Batch Job User Right Policy

I cannot for the life of me figure out how to solve this issue. Any help on the matter would be truely appreciated.

 

 

Microsoft Windows Log On As A Batch Job User Right Policy

 

 

Description

 

The "Log on as a batch job" user right setting does not match policy.

 

 

 

 

Regulation

 

PCI 10.2: The Payment Card Data Security Standard requires that organizations implement automated audit trails to reconstruct the following events:    1. All individual accesses to cardholder data  2. All actions taken by any individual with root or administrative privileges  3. Access to all audit trails  4. Invalid logical access attempts  5. Use of identification and authentication mechanisms  6. Initialization of the audit logs  7. Creation and deletion of system-level objects

 

Recommendation

 

If the "Log on as a batch job" group list defined in WindowsPolicy.fasl3.inc does not match the corporate policy for the environment in which the system operates it can be overridden by redefining the SeBatchLogonRightGroups array in myWindowsPolicy.fasl3.inc.Otherwise, if the groups granted the "Log on as a batch job" user right do not comply with policy, logon to the system with administrator privileges and adjust the groups accordingly.To adjust groups, do the following:1. Click the Start button2. Select Settings from the Start menu3. Select Control Panel from the Settings menu4. Double click the Administrative Tools icon in the Control Panel window5. Double click the Local Security Policy icon in the Administrative Tools window6. Expand the Local Policies icon7. Click the User Rights Assignment icon8. Locate the "Log on as a batch job" and double click it9. Add or remove groups as necessary10. Click Apply, then click OK

 

Observation

 

The "Log on as a batch job" user right specifies which accounts may logon to the system in a non-interactive context.NOTE: This check requires at least Foundstone version 4.0.6.

 

Common Vulnerabilities & Exposures Link

 

CVE-1999-0534

 

Message was edited by: monstromurk on 8/21/13 3:12:57 PM CDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points